detect/transform: handle overlapping dotprefix

If there is a transform before dotprefix, it operates in place in a single buffer, and must therefore use memmove instead of memcpy to avoid UB. Ticket: 7229
OISF · Nov 26, 2024 · c3a6abf · c3a6abf
1 parent fccb328
commit c3a6abf
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/detect-transform-dotprefix.c b/src/detect-transform-dotprefix.c
@@ -116,8 +116,8 @@ static void TransformDotPrefix(InspectionBuffer *buffer, void *options)
             return;
         }
 
+        memmove(&output[1], buffer->inspect, input_len);
         output[0] = '.';
-        memcpy(&output[1], buffer->inspect, input_len);
         InspectionBufferTruncate(buffer, input_len + 1);
     }
 }